package com.cpx.config;

import com.cpx.dto.ShiroAuthoDto;
import com.cpx.feign.EmployeeFeign;
import com.cpx.po.Employee;
import com.cpx.po.Permission;
import com.cpx.po.Role;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.List;

/**
 * @Auther: PanBin
 * @Date: 2018-9-5 14:11
 * @Description: 完成根据用户名去数据库的查询,并且将用户信息放入shiro中,供MyCredentialsMatcher类调用
 * @Version: 1.0
 */
public class AuthRealm extends AuthorizingRealm {

    @Autowired
    private EmployeeFeign employeeFeign;

    /**
     * @Author: PanBin
     * @Description: 认证登录
     * @CreateDate: 2018-9-5 14:29
     * @Param [authenticationToken]
     * @Return org.apache.shiro.authc.AuthenticationInfo
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken myToken=(UsernamePasswordToken) authenticationToken;//获取用户输入的token
        String username = myToken.getUsername();
        Employee employee = employeeFeign.findEmployeeByUsername(username);
        if (employee != null) {
            /**
             * 参数1:主角,当前登录的用户
             * 参数2:证书或者凭证,使用密码,使用跟页面传来的相同密码,不能使用数据库查询的暗码,要不然证书认证失败
             * 参数3:当前realm的名称
             */
            return new SimpleAuthenticationInfo(employee,employee.getPassword(),this.getClass().getName());//放入shiro.调用CredentialsMatcher检验密码
        }
        return null;
    }

    /**
     * @Author: PanBin
     * @Description: 授权
     * @CreateDate: 2018-9-5 14:29
     * @Param [principalCollection]
     * @Return org.apache.shiro.authz.AuthorizationInfo
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
        // 获得经过认证的主体信息
        Employee employee = (Employee) principal.getPrimaryPrincipal();
        ShiroAuthoDto shiroAuthoDto = employeeFeign.getAuthcListByEmployeeId(employee.getId());
        SimpleAuthorizationInfo sai = null;
        if (shiroAuthoDto != null) {
            sai = new SimpleAuthorizationInfo();
            List<Permission> permissionList = shiroAuthoDto.getPermissionList();
            if (permissionList != null && !permissionList.isEmpty()) {
                for (Permission permission : permissionList) {
                    String permName = permission.getPermName();
                    sai.addStringPermission(permName);
                }
            }
            List<Role> roleList = shiroAuthoDto.getRoleList();
            if (roleList != null && !roleList.isEmpty()) {
                for(Role role : roleList) {
                    String roleName = role.getRoleName();
                    sai.addRole(roleName);
                }
            }
        }
        return sai;
    }
}
